#!/usr/bin/perl
## Owner: jcran
## Purpose: Automate a pentest's initial work
## Description:
##   1) Gather user input
##   2) Set up environment for automatic pentest
##   3) Kick off auto pentest
##
## Notes: Script should be run from consulting.rapid7.com
##
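use strict;
use warnings;
use Cwd qw(cwd);
use YAML::Tiny;

## Set up Initial Environment
## --------------------------
# Assume we're in the base directory (all other scripts exist below this).
# `cwd` has to be imported from Cwd: as a bareword it was being stored as the
# literal string "cwd" rather than the working directory.
$ENV{AP_ROOT} = cwd();
$ENV{AP_NMAP_SCRIPT_DIR} = "scripts/nmap-auto-scripts";

## Gather user options
## --------------------
# Check the argument count before touching the config, so a missing argument
# gives the usage line instead of a YAML::Tiny read of undef.  Numeric compare
# and a non-zero exit status, since this is an error.
if (@ARGV != 2) {
    print "Usage: $0 [configFile] [projectName]\n";
    exit 1;
}
my ($configFile, $projectName) = @ARGV;

# The project name is turned into a directory tree that is created and
# chmod'ed recursively as root, so refuse empty, absolute or ".."-containing
# names before any of that happens.
if ($projectName eq '' or $projectName =~ m{\A/} or grep { $_ eq '..' } split m{/}, $projectName) {
    die "ERROR: projectName must be a relative path without '..' components\n";
}

## Ensure we're running w/ root permissions
## ----------------------------------------
# getlogin() returns the tty's login name, which under sudo is still the
# invoking user, so it could never equal "root"; test the effective UID instead.
# Done before any directory is created so a non-root run leaves nothing behind.
if ($> != 0) {
    die "This script must be run with sudo...\n";
}

print "using ... $configFile\n";

## Open the config
## ---------------
my $config = YAML::Tiny->read($configFile)
    or die "ERROR: can't read config file '$configFile': " . YAML::Tiny->errstr . "\n";
# All settings live in the first YAML document.  (The old code read them from
# an undeclared $yaml / $yaml0, so every value silently came back undef.)
my $settings = $config->[0] || {};

# Reading specific properties
my $hostFile = $settings->{hostfile};
my $domain   = $settings->{domain};

# Reading scan-level properties
my $toolkit       = $settings->{toolkit};
my $debugLevel    = defined $settings->{debuglevel} ? $settings->{debuglevel} : 0;
my $doNmapFull    = $settings->{nmap}->{full};
my $doNmapQuick   = $settings->{nmap}->{quick};
my $doMaintenance = $settings->{maintenance};

# Service-Specific Levels, keyed by service name
my @services  = qw(ftp http https dns smtp cifs);
my %doService = map { $_ => $settings->{services}->{$_} } @services;

## Make sure the user's set the appropriate options
## ------------------------------------------------
if (!defined $toolkit or $toolkit eq "changeme") {
    die "ERROR: You didn't look at the script, did you?\n";
}
$ENV{AP_TOOLKIT} = $toolkit;

## Ensure we can read hosts file
## -----------------------------
# -r rather than -e: the scan scripts have to read it, and existence alone
# does not guarantee that.
if (!defined $hostFile or !-r $hostFile) {
    die "Can't read host file" . (defined $hostFile ? " '$hostFile'" : " (hostfile not set in config)") . "\n";
}
print "$hostFile is readable.\n" if $debugLevel > 2;

## Set User-Based Variables
## ------------------------
$ENV{AP_PROJECT_NAME} = $projectName;
$ENV{AP_HOST_FILE}    = $hostFile;
$ENV{AP_HOST_DOMAIN}  = defined $domain ? $domain : "";
$ENV{AP_DEBUG}        = $debugLevel;
$ENV{AP_RESULT_DIR}   = "$projectName/results";
$ENV{AP_LOG_DIR}      = "$projectName/log";

## Make necessary directories, if they don't already exist
## -------------------------------------------------------
if (-d $projectName) {
    print "$projectName already exists.\n" if $debugLevel > 2;
}
else {
    print "$projectName doesn't exist. creating structure (results, log, services).\n" if $debugLevel > 1;
    # AP_RESULT_DIR / AP_LOG_DIR already carry the project prefix; prefixing
    # them again (as the old code did) produced $project/$project/results.
    for my $dir ($projectName, $ENV{AP_RESULT_DIR}, $ENV{AP_LOG_DIR}, "$projectName/services") {
        mkdir $dir, 0775 or die "Can't create directory '$dir': $!\n";
    }
}

## DEBUG - Enumerate Environment
## ------------------------------
if ($debugLevel > 0) {
    # Settings absent from the YAML print as empty rather than warning.
    no warnings 'uninitialized';
    print "YAML->hostfile: $hostFile\n";
    print "YAML->domain: $domain\n";

    # Reading scan-level properties
    print "YAML - Toolkit Directory: $toolkit\n";
    print "YAML - Debug Level: $debugLevel\n";
    print "YAML - Full Nmap Scan: $doNmapFull\n";      # was $doNampFull (typo, always empty)
    print "YAML - Quick Nmap Scan: $doNmapQuick\n";    # was $doNampQuick (typo, always empty)
    print "YAML - Service Maintenance: $doMaintenance\n";

    # Service-Specific Levels
    print "\nService Specific Scans:\n";
    for my $service (@services) {
        print uc($service) . ": $doService{$service}\n";   # CIFS used to be labelled "FTP"
    }

    print "Setting System Debug Level to $ENV{AP_DEBUG}\n";
    print "Setting System Base Directory to $ENV{AP_ROOT}\n";
    print "Setting System Toolkit Directory to $ENV{AP_TOOLKIT}\n";
    print "Setting System Project Name to $ENV{AP_PROJECT_NAME}\n";   # was $ENV{AP_NAME}, never set
    print "Setting System Hosts File to $ENV{AP_HOST_FILE}\n";
    print "Setting System DNS Domain to $ENV{AP_HOST_DOMAIN}\n";
    print "Setting System Results Directory to $ENV{AP_RESULT_DIR}\n";
    print "Setting System Log Directory to $ENV{AP_LOG_DIR}\n";
    print "Setting System Nmap Script Directory to $ENV{AP_NMAP_SCRIPT_DIR}\n";
}

## Kick off nmap scripts
## ---------------------
_run_stage("$ENV{AP_ROOT}/$ENV{AP_NMAP_SCRIPT_DIR}/nmap-auto-pentest.sh");

## Start service-specific scans
## ----------------------------
_run_stage("$ENV{AP_ROOT}/scripts/ss-auto-scripts/ss-auto-pentest.sh");

## Set usable permission
## ---------------------
# The old line handed "chmod 777 $AP_PROJECT_NAME -R" to bash as a script
# *name* (and $AP_PROJECT_NAME was an undeclared Perl variable), so it never
# ran.  List-form system() avoids the shell, and 0775 matches the mkdir mode
# above: the tree was created as root and only needs to be readable by the
# invoking account; 0777 would leave the scan results world-writable.
if (system("chmod", "-R", "0775", $projectName) != 0) {
    warn "WARNING: chmod -R 0775 $projectName failed\n";
}

# Run one stage script under bash.  A non-zero exit is reported but not fatal,
# so that, as before, a failing nmap stage still lets the service scans run.
# Returns the raw system() status (-1 if bash could not be started).
sub _run_stage {
    my ($script) = @_;
    my $status = system("bash", $script);
    if ($status == -1) {
        warn "WARNING: could not start $script: $!\n";
    }
    elsif ($status != 0) {
        warn "WARNING: $script exited with status " . ($status >> 8) . "\n";
    }
    return $status;
}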
